Take a look at ESG Research and you’ll see a number of simultaneous trends. Enterprises are consolidating data centers, packing them full of virtual servers, and hosting more and more web applications within them. This means massive traffic coming into and leaving data centers.
Yes, this traffic needs to be switched and routed, but this is actually the easiest task. What’s much harder is processing this traffic at the network for security, acceleration, application networking, etc. This processing usually takes place at the network edge, but additional layers are also migrating into the data center network itself for network segmentation of specific application services.
Think of it this way: There is a smart-fat network edge that feeds multiple smart-thin network segments.
The smart-fat network edge aggregates lots of network device functionality into a physical device, cluster of devices, or virtual control plane. This is the domain of vendors like Cisco, Crossbeam Systems, and Juniper Networks for security and companies like A10 Networks, Citrix (Netscaler), and F5 Networks for application delivery. These companies will continue to add functionality to their systems (for example, XML processing, application authentication/authorization, business logic, etc.) to do more packet and content processing over time. It wouldn’t surprise me at all if security vendors added application delivery features and the app delivery crowd added more security.
Once the smart-fat network edge treats all traffic, packets and content will be processed further within the data center (i.e., smart-thin network edge). This will most likely be done using virtual appliances like the Citrix VPX. Why? Virtual appliances can be provisioned on the fly with canned policies or customized for specific workloads. They can also follow applications that migrate around internal data centers or move to public clouds.
A few other thoughts here:
The smart-fat, smart-thin architecture is already playing out in cloud computing and wireless carrier networks today and I expect it to become mainstream in the enterprise segment over the next 24 months. The technology is ready today but many users have no idea how to implement this type of architecture or capitalize on its benefits. Vendors who can guide users along with knowledge transfer, best practices, and reference architectures are most likely to reap the financial rewards.
Tags: A10 Networks, application networking, Cisco Systems, Citrix, Cloud Computing, Crossbeam Systems, Dell, F5 Networks, HP, IBM, identity management, Juniper Networks, routing, server virtualization, switching, XML
The international horse show wasn’t the only event in Washington DC this week; I participated in the Virtualization, Cloud, and Green Computing event in our nation’s capital. One of the guest speakers was Ira “Gus” Hunt, CTO at the CIA. If you haven’t seen Gus speak, you are missing something. He is very strong on the technical side and extremely energetic and entertaining.
Gus focused on cloud computing activities at the CIA (I’ll blog about this soon), but I was intrigued by one of his slide bullets that referred to something he called the “encrypted enterprise.” From the CIA’s perspective, all data is sensitive whether it resides on an enterprise disk system, lives in a database column, crosses an Ethernet switch, or gets backed up on a USB drive. Because of this, Hunt wants to create an “encrypted enterprise” where data is encrypted at all layers of the technology stack.
The CIA is ahead here, but ESG hears a similar goal from lots of other highly regulated firms. When will this happen? Unfortunately, it may take a few years to weave this together as there are several hurdles to overcome including:
A lot of the technical limitations are being worked on at this point, so the biggest impediment may be based upon people and not technology. We simply don’t have a lot of experience here, so we need to proceed with research, thought, and caution. To get to Gus Hunt’s vision of the “encrypted enterprise,” we need things like reference architectures, best practices, and maturity models as soon as possible. Look for service providers like CSC, HP, IBM, and SAIC to offer “encrypted enterprise” services within the next 24 months.
Tags: CIA, CSC, EFS, EMC, Emulex, Encrypted enterprise, Gus Hunt, HP, IBM, KMIP, Microsoft, Oracle, PGP, RSA, SAIC, Symantec
Did you see the series of announcements Cisco made this week? It was pretty impressive. This is the traditional season where Cisco announces products and new initiatives but this week’s announcements were very extensive — new switches, routers, security devices, wireless access points, WAN optimization equipment, etc.
In its marketing mastery, Cisco related all of these announcements to two core strategic initiatives, data center virtualization and borderless networks. In other words, Cisco is talking about the way IT applications and services are hosted (central data centers, virtualization, cloud), and the way they are accessed (wired and wireless networks, security, access control).
Cisco is clearly demonstrating that it plays in a different space than it used to. It’s all about industries, business processes, and enterprise IT now; the network simply glues all the pieces together. So why all these announcements at once? Doesn’t this water down the individual piece parts? I don’t think so. Cisco is actually doubling down on integration across its products with an overall strategy aimed at:
Now I realize that the “integrated stack” story has limited value today since customers have a history of buying servers from HP, wired networks from Cisco, Wi-fi from Aruba, storage from , etc. That said, IT is radically changing. For example, ESG Research indicates that server virtualization is driving a lot more cooperation across disparate functional IT groups. As these organizations come together, it’s only natural that they will look for common solutions from fewer vendors.
In the meantime, service providers and financially-strapped organizations (i.e., State/local government, higher education, real estate, etc.) will look for IT savings anywhere they can, even if it means moving away from some vendors with relatively stronger point products in the process.
Cisco also has a services opportunity in that it gets to play services Switzerland and partner with companies like Accenture, CSC, and Unisys in competition with IBM Global Services and HP/EDS.
Lots of people knock Cisco products and point to better, faster, cheaper alternatives. Maybe, but the overall Cisco story seems pretty strong to me. As of Tuesday, Cisco has a bunch of new products that support its corporate strategy and make its story even stronger.
Tags: Accenture, Aruba Networks, Cisco Systems, CSC, HP, IBM, Juniper Networks, Riverbed, Unisys
Last week, 20-somethings on Wall Street were buzzing about self-serving rumors that IBM would buy Brocade Networks. Well that didn’t happen (and I don’t think it ever will), but IBM did make a networking acquisition when it scooped up Blade Networks today. Terms of this deal were not disclosed.
Why Blade and not Brocade? Several reasons:
IBM is also probably anticipating a technology change in the HPC market as 40 and 100 gigabit Ethernet replaces Infiniband. Once again, Blade Networks will provide a turnkey blade solution for scientific computing and smart planet analytics. Blade also provides port and device consolidation for the burgeoning trend toward Ethernet-based storage.
I really don’t think that IBM wants a stand-alone networking business again, so an acquisition of Brocade, Extreme, Force 10, or even Juniper seems unlikely. With Blade, IBM can deliver a data center unit–complete with memory, processors, and networking/storage IO–in a tightly-integrated can. My guess is that IBM will sell a ton of these.
Tags: Blade Networks, Brocade Networks, Ethernet Storage, Extreme Networks, Force 10, HP, IBM, Infiniband, Juniper Networks
I was at Oracle Open World yesterday when I heard the rumor that IBM was going to buy Brocade. At the time, I was meeting with a group that had collective industry experience of more than 100 years. We all laughed this off as hearsay.
The fact is that IBM already OEMs equipment from Brocade (as well as Juniper) so it is not lacking in engineering experience or alternatives. Does IBM want to start a stand-alone networking business? Does it want to OEM Fibre Channel switches to and HP? Does it want to bet on Brocade/Foundry Ethernet switches against the rest of the industry? No, no, and no.
This is not the only silly rumor we’ve heard lately. Last week, Microsoft was going to buy Symantec. Yeah sure, there are no antitrust implications there. And does Microsoft really want to buy a company that has about a dozen products that are redundant to its own?
How about Oracle buying HP? Larry may be spinning this up for fun, but it’s simply crazy talk. Oracle, a software company focused on business applications and industry solutions, wants to get into the PC and printer businesses? Yeah, I know, “What about servers and storage?” To which I answer, “What about Sun?”
These rumors are circulating because of the recent uptick in M&A activity, but my strong bet is that nothing remotely similar will happen. The rumors must then be coming from one of two sources:
Not all mergers make sense, but there tends to be some business logic inherent in most transactions. Let’s try and remember that before spreading rumors for personal or unethical gain.
Tags: Brocade, HP, IBM, Juniper Networks, McAfee, Oracle, Symantec
My colleague Mark Bowker and I are knee-deep in new research data on server virtualization. Within this mountain of data, we are discovering some existing and impending networking issues related to network switching.
Today, many server virtualization projects are led by server administrators, with little or no participation from the networking team. As you may imagine, this means that the server team configures all virtual switches to the best of its ability, without considering how physical switches are already configured. As things scale, the server team realizes the error of its ways and quickly calls the networking group in to help out. This is where things really break down. Before doing anything, the networking folks have to learn the virtualization platform, understand how the physical and virtual networks should interoperate, and then roll up their sleeves and start gluing everything together.
This is a painful learning curve but I believe that future issues will be far more difficult. As organizations increase the number of VMs deployed, networking configurations get more difficult — especially when VMs move around. Users regularly complain about the number of VLANs they have to configure, provision, and manage. This situation will grow worse and worse as VMs become the standard unit of IT.
In my mind, it makes no sense for virtualization vendors like Citrix, Microsoft, Oracle, and VMware to recreate the richness of physical L2 switches in the virtual world. So what can be done? Well one alternative is to eliminate virtual switches entirely and do all switching at the physical layer via the Virtual Ethernet Port Aggregator (VEPA) standard being developed in the IEEE.
I believe this will happen but in the meantime there is another alternative being discussed this week at the Citrix Industry Analyst Event — Open vSwitch. As described on the Apache web site, “Open vSwitch is a multilayer virtual switch licensed under the open source Apache 2.0 license. The goal is to build a production quality switch for VM environments that supports standard management interfaces (e.g., NetFlow, RSPAN, ERSPAN, CLI), and is open to programmatic extension and control.”
Here’s why this makes sense to me:
At the very least, Citrix, Microsoft, and Oracle should back this as a way to push back on VMware’s marketshare lead.
I’ve been around long enough to know the strengths and limitations of open source and standards but I think that with the right support, this one could have legs. I know that vendors have their own businesses to look after but isn’t another end goal to create products that the market wants? I think Open vSwitch would fit this bill.
Tags: Brocade, Cisco, Citrix, Extreme Networks, Force 10, HP, IEEE, Juniper, Microsoft, Open vSwitch, Oracle, VEPA, VMware
Earlier today, IBM announced its intention to acquire OpenPages, a privately-held software company focused on identifying and managing risk and compliance.
There is obvious value in this deal based upon market interest in risk management alone. In the past ten years we’ve seen the subprime mortgage securities collapse, a rise in global terrorism, and explosive growth in cybercrime. Certainly businesses need better risk management tools to cope with these kinds of events.
With OpenPages, IBM gets to throw its hat further into the risk management ring, but that’s not all. OpenPages provides IBM with strong synergies around other IBM business opportunities like:
Clearly the OpenPages deal wasn’t as newsworthy as HP buying ArcSight or Intel buying McAfee, but it certainly aligns with IBM’s strategy, complements existing products and services, and gives IBM sales reps another solution to sell to customers.
Tags: ArcSight, Consul, HP, IBM, Intel, IT Risk Management, McAfee, OpenPages, Risk Management
The waiting and guessing games are over; today, HP announced its intent to buy security management software leader ArcSight for $1.5 billion. I didn’t think HP would pull the trigger on another billion+ dollar acquisition before hiring a new CEO, but obviously I was wrong.
ArcSight is a true enterprise software company. As I recall, many of the early ArcSight management team members actually came from HP OpenView. With this model in mind, ArcSight went beyond technology and invested early in top field engineers, security experts, and sales people. This vaulted the company to a leadership position and it never looked back.
For HP, ArcSight fits with its overall focus on IT operations software solutions for Business Technology Optimization. In the future, security information will be one of many inputs that helps CIOs improve IT management and responsiveness. It won’t happen overnight, but think of all sources of IT management data (i.e., log data, SNMP, network flow data, configuration data, etc.) available for query, analysis, and reporting in a common repository. This is what HP has in mind over the long haul.
In the meantime, HP should get plenty of ArcSight bang-for-the-buck over the next 12-24 months by:
In spite of its security services and thought leadership, HP’s name has been notably absent from IT security leadership discussions in the past. ArcSight should change that.
A few other quick thoughts:
Tags: ArcSight, Check Point, CNCI, F5, FISMA, HP, Oracle, Riverbed
While many folks were sunning themselves at the beach this past summer, IBM introduced some pretty important security technology: the Tivoli Key Lifecycle Manager (TKLS). Basically, the TKLS products are designed to create, manage, secure, and store encryption keys as a service.
What’s so special about this? First, key management is one of those IT security disciplines that will go from relatively esoteric to an enterprise requirement in the next year or so. Why? More and more data is being encrypted each day, so key management is becoming increasingly important. Stolen encryption keys could compromise the confidentiality of sensitive data while lost encryption keys could transform critical data into meaningless ones and zeros. Pretty soon, all large enterprises will have something resembling TKLS.
As far as IBM TKLS goes, it looks good to me because:
In general, neither key management nor TKLS will get much visibility or industry recognition — key management is just a bit too geeky for most IT folks. Nevertheless, next-generation cloud computing will depend upon ubiquitous trust and data security. IBM gets this more than most. Think of TKLS as part of its security plumbing for a smarter planet.
Tags: HP, IBM, KMIP, RSA, SafeNet, Smarter Planet, TKLS
Anyone remotely interested in identity management should definitely download a copy of the National Strategy for Trusted Identities in Cyberspace (NSTIC) document. It can be found at this link: .
At a very high level, the strategy calls for the formation of a standards-based interoperable identity ecosystem to establish trusted relationships between users, organizations, devices, and network services. The proposed identity ecosystem is composed of 3 layers: An execution layer for conducting transactions, a management layer for identity policy management and enforcement, and a governance layer that establishes and oversees the rules over the entire ecosystem.
There is way more detail that is far beyond this blog but suffice it to say the document is well thought out and pretty comprehensive in terms of its vision. This is exactly the kind of identity future we need to make cloud computing a reality. Kudos to Federal Cyber coordinator Howard Schmidt and his staff for kicking this off.
I will post my feedback on the official website, but a few of my suggestions are as follows:
There will be lots of other needs as well. The document recommends identity and trust up and down the technology stack but it doesn’t talk about the expense or complexity of implementing more global use of IPSEC, BGPSEC, and DNSSEC. There is also the need for rapid maturity in encryption, key management, and certificate management. Good news for RSA, PGP, nCipher (Thales), IBM, HP, Venafi, and others.
The key to me is building a federated, plug-and-play, distributed identity ecosystem that doesn’t rely on any central authority or massive identity repository. This is an ambitious goal but one that can be achieved — over time — if the Feds get the right players on board and push everyone in the same direction.
Tags: BGPSEC, CA, Cyber Coordinator, DNSSEC, Federal Government, Howard Schmidt, HP, IBM, IPSec, Liberty, Microsoft, Microsoft Geneva, National Strategy for Trusted Identities in Cyberspace, nCipher, Novell, NSTIC, Open ID, Oracle, PGP, PKI, Project Higgins, RSA, Shibboleth, Symantec, Thales, Venafi, Verisign, Web services